Oracle WebLogic

 Copies of the Evaluated Configuration Guides may also be obtained by emailing seceval_us@oracle.com.

 

BEA WebLogic Integration V8.1 SP6 with BEA07-169.00 security advisory patch

BEA WebLogic Platform V8.1 SP6 with BEA07-169.00 security advisory patch  

The TOE, BEA WebLogic Integration V8.1 SP6 with BEA07-169.00 security advisory patch, is an application server that provides a foundation for an enterprise to build and integrate applications and databases. It comprises a WebLogic Integration (WLI) subsystem and also a single supporting BEA WebLogic Server® (WLS) subsystem.

WebLogic Server delivers an application infrastructure for building and integrating distributed multi-tier applications. It is based on standards such as J2EE, Web services, and XML. WebLogic Server includes the WebLogic Workshop® IDE for application development, and also provides enterprise-level security and administration facilities.

WebLogic Integration is a product built on WebLogic Server that provides the functionality for integrating business systems within an enterprise. It provides a development and run-time framework that unifies the components of business integration—business process management, data transformation, trading partner integration, connectivity, message brokering, application monitoring, and user interaction—into a single environment.

The TOE consists of a single WebLogic Server subsystem, a single WebLogic Integration subsystem, and the following configured WebLogic security providers: Auditing Provider; Authorization Provider; Adjudication Provider; Role Mapping Provider; Authentication Provider; Identity Assertion Provider; and Credential Mapping Provider.

The TOE is supported on the following Java 2 environments: BEA JRockit 1.4.2_10 SDK; and Sun Java 2 SDK 1.4.2_11 with Java HotSpot™ Client VM. The TOE is dependent on the correct operation of the Java 2 environment and on its underlying operating system, neither of which are included within the scope of the evaluation. It should also be noted that the access control policy implemented by the TOE is enforced only on access attempts made through the TOE’s interfaces. The TOE does not and cannot control attempts to access data directly (e.g., via the underlying operating system).

 

The TOE, BEA WebLogic Platform V8.1 SP6 with BEA07-169.00 security advisory patch, is an application server platform for building, extending, integrating, deploying, and managing software applications. It comprises the following components that are used in combination to support end-user developed applications:

  • WebLogic Server® V8.1 SP6
  • WebLogic Portal® V8.1 SP6
  • WebLogic Integration™ V8.1 SP6

WebLogic Server delivers an application infrastructure for building and integrating distributed multi-tier applications. It is based on standards such as J2EE, Web services, and XML. WebLogic Server includes the WebLogic Workshop® IDE for application development, and also provides enterprise-level security and administration facilities.

WebLogic Portal is built on WebLogic Server and provides the functionality for developing and running portals. A portal is a Web site that gives users a single point of access to applications and information in a unified interface. A portal lets users view each application or Web page in its own window, called a portlet, and a single browser window can contain multiple portlets. WebLogic Portal provides a portal framework, lifecycle management tools, and business services that allow users to create and manage portals that provide users with audience-specific views of applications and information, while enforcing user business policies and security requirements.

WebLogic Integration is a product built on WebLogic Server that provides the functionality for integrating business systems within an enterprise. It provides a development and run-time framework that unifies the components of business integration—business process management, data transformation, trading partner integration, connectivity, message brokering, application monitoring, and user interaction—into a single environment.

The TOE consists of a single WebLogic Server (WLS) subsystem, a single WebLogic Portal (WLP) subsystem, a single WebLogic Integration (WLI) subsystem, and the following configured WebLogic security providers: Auditing Provider; Authorization Provider; Adjudication Provider; Role Mapping Provider; Authentication Provider; RDBMS Authentication Provider; Identity Assertion Provider; WSRP Identity Assertion Provider; and Credential Mapping Provider.

The TOE is supported on the following Java 2 environments: BEA JRockit 1.4.2_10 SDK; and Sun Java 2 SDK 1.4.2_11 with Java HotSpot™ Client VM. The TOE is dependent on the correct operation of the Java 2 environment and on its underlying operating system, neither of which are included within the scope of the evaluation. It should also be noted that the access control policy implemented by the TOE is enforced only on access attempts made through the TOE’s interfaces. The TOE does not and cannot control attempts to access data directly (e.g., via the underlying operating system).

BEA WebLogic Portal V8.1 SP5 with BEA06-81.02 and BEA07-107.02 security advisory patch and SP6 BEA WebLogic Server 7.0 SP6 with BEA05-107.00 Advisory Patch

The TOE, BEA WebLogic Portal® V8.1 SP5 with BEA06-81.02 and BEA07-107.02 security advisory patches, is an enterprise portal infrastructure that enables the creation of portal interfaces independently of application logic or Web pages . It comprises a WebLogic Portal subsystem and also a single supporting BEA WebLogic Server® (WLS) subsystem.

WebLogic Server delivers an application infrastructure for building and integrating distributed multi-tier applications. It is based on standards such as J2EE, Web services, and XML. WebLogic Server includes the WebLogic Workshop® IDE for application development, and also provides enterprise-level security and administration facilities.

WebLogic Portal is built on WebLogic Server and provides the functionality for developing and running portals. A portal is a Web site that gives users a single point of access to applications and information in a unified interface. A portal lets users view each application or Web page in its own window, called a portlet, and a single browser window can contain multiple portlets.   WebLogic Portal provides a portal framework, lifecycle management tools, and business services that allow users to create and manage portals that provide users with audience-specific views of applications and information, while enforcing user business policies and security requirements.

The TOE consists of a single WebLogic Server subsystem, a single WebLogic Portal subsystem, and the following configured WebLogic security providers: Auditing Provider; Authorization Provider; Adjudication Provider; Role Mapping Provider; Authentication Provider; RDBMS Authentication Provider; Identity Assertion Provider; WSRP Identity Assertion Provider; and Credential Mapping Provider.

BEA WebLogic Server is an application server that provides a foundation for an enterprise to build and integrate applications and databases.  BEA WebLogic Server is designed to have a J2EE-compliant tiered architecture, and support for tool sets facilitate the separation of presentation, business logic, and data, providing the underlying core functionality necessary for the development and deployment of business-driven applications.  BEA WebLogic Server centralizes application services such as Web server functionality, business components, and access to backend enterprise systems.  BEA WebLogic Server also provides enterprise-level security and administration facilities.

Security functionality is provided by the WebLogic Security Subsystem (known hereafter as WebLogic Security Framework (WSF)), which provides security services for BEA WebLogic Server V7.0 SP6 with BEA05-107.00 advisory patch and hosted application programs. The WSF is an integral subset of the BEA WebLogic Server product. 

WebLogic Server is made up of various components that may be accessed by clients using various protocols. When a client connects to WebLogic Server to access a WebLogic entity (e.g., application, Enterprise JavaBeans), the various WebLogic Server components first check the security policy with the WSF. This ensures that only authorized callers will be granted access to the WebLogic entity.  WSF allows WebLogic Server components to check access for the following types of entities:  Administrative, Application, Component Object Model, Enterprise Information System, Enterprise JavaBeans, Java Database Connectivity, Java Message Service, Java Naming and Directory Interface, Server, Web (URL), Web Services.

If an entity attempts to access other entities within WebLogic Server, the WSF mediates access based on the access controls configured by a WebLogic Server administrator. The implementation of WSF security policy decisions by the WebLogic Server components is outside the scope of this evaluation.

The TOE specifically includes: The WebLogic Security Framework from WebLogic Server V7.0 SP6 with BEA05-107.00 advisory patch installed, Administration Console GUI, WebLogic Server embedded LDAP, and the WebLogic Security Providers (Authentication, Identity Assertion, Credential Mapping, Authorization, Adjudication, Role Mapping, Auditing).

The TOE does not include: Command line interfaces used after installation, WebLogic Server containers used to enforce access control decisions made via the WSF, or any of the entities mentioned above.

BEA WebLogic Server 8.1 SP5 and SP6

 

The TOE, BEA WebLogic Server® V8.1 SP5 with BEA06-81.01 and BEA05-107.00 security advisory patches, is an application server that provides a foundation for building and integrating distributed multi-tier applications. It centralizes application services, such as Web server functionality, business components, and access to back-end enterprise systems. It implements Java 2 Platform, Enterprise Edition (J2EE) version 1.3 technologies and provides a complete set of services for J2EE components.

WebLogic Server is a Java application designed to run in a Java 2 environment provided by the hosting operating system. The evaluated configuration is supported on BEA JRockit® 1.4.2_08 SDK and Sun Java 2 SDK 1.4.2_08 with Java HotSpot™ Client VM.

The WLS TOE consists of a single WebLogic Server subsystem with the following WebLogic security providers configured: Auditing Provider; Authorization Provider; Adjudication Provider; Role Mapping Provider; Authentication Provider; Identity Assertion Provider; and Credential Mapping Provider.